I have a log-in form that is displayed via prompt (
ask). I have these scripts used to logged in the user.
ask "Please enter your username" put it into username ask "Please enter your password" put it into password revExecuteSQL tDatabaseID, "SELECT * FROM Users WHERE Username=" &username& " AND Password="&password&"
When the user/attacker enters the
" character in the form, the app shows that there is an error in the SQL scripts which this can make an user/attacker starts hacking.
How to protect the app from SQL injection in livecode?